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CLAIMS 

What is Claimed Is : 

1. A method of preventing ID spoofing comprising: 
allowing a user to access a registration server; 

upon the registration server receiving identification 
information from the user and also receiving a request by the 
user for a new signature certificate, the registration server 
querying a directory to obtain information regarding the 
identified user; and 

upon the registration server receiving information 
from the directory indicating that the identified user already 
possesses a signature certificate, the registration server 
informing the user that a new signature certificate will not 
be issued until the old signature certificate has been 
revoked, thereby preventing an unauthorized user from ID 
spoofing to obtain a valid signature certificate. 

2. The method of claim 1, further comprising providing 
user identifiers and their corresponding digital signature 
certificates in said directory. 

3. The method of claim 1, further comprising providing 
an authoritative database including user identifiers, wherein 
the directory is updated from the authoritative database. 

4. The method of claim 1, further comprising providing 
a personal revocation authority to revoke a user's previous 
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signature certificate^ the personal revocation authority being 
chosen so as to personally recognize a user. 

5. A method of preventing ID spoofing comprising: 
allowing a user to access a registration server; 
upon the registration server receiving identifi- 
cation information from the user and also receiving a request 
by the user for a new signature certificate, the registration 
server querying a directory to obtain information regarding 
the identified user; and 

upon the registration server receiving information 
from the directory indicating that the identified user is not 
in the directory, the registration server informing the user 
that a signature certificate will not be issued, thereby 
preventing an unauthorized user from ID spoofing to obtain a 
valid signature certificate. 

6. The method of claim 5, further comprising providing 
user identifiers and their corresponding digital signature 
certificates in said directory. 

7. The method of claim 5, further comprising providing 
an authoritative database including user identifiers, wherein 
the directory is updated from the authoritative database. 

8. The method of claim 5, further comprising providing 
a personal revocation authority to revoke a user's previous 
signature certificate, the personal revocation authority being 
chosen so as to personally recognize a user. 
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9. An apparatus for preventing ID spoofing comprising: 
a registration server to allow access by a user; 

a directory accessible by the registration server, 
the directory storing information regarding all users; 

wherein, upon the registration server receiving 
information from the user and also receiving a request by the 
user for a new signature certificate, the registration server 
querying the directory to obtain information regarding the 
identified user; and 

wherein, upon the registration server receiving 
information from the directory indicating that the identified 
user already possesses a signature certificate, the 
registration server informing the user that a new signature 
certificate will not be issued until the old signature 
certificate has been revoked, thereby preventing an 
unauthorized user from ID spoofing to obtain a valid signature 
certificate . 

10. The apparatus of claim 9, wherein the directory 
includes identifiers and their corresponding digital signature 
certificates . 

11. The apparatus of claim 9, further comprising an 
authoritative database including user identifiers, wherein the 
directory is updated from the authoritative database. 

12- The apparatus of claim 9, further comprising a 
personal revocation authority to revoke a user's previous 
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signature certificate, the personal revocation authority being 
chosen so as to personally recognize a user. 

13. An apparatus for preventing ID spoofing comprising: 
a registration server to allow access by a user; 

a directory accessible by the registration server, 
the directory storing information regarding all users; 

wherein, upon the registration server receiving 
information from the user and also receiving a request by the 
user for a new signature certificate, the registration server 
querying the directory to obtain information regarding the 
identified user; and 

wherein, upon the registration server receiving 
information from the directory indicating that the identified 
user is not in the directory, the registration server 
informing the user that the user is not a valid member of the 
enterprise and not issue a signature certificate. 

14. The apparatus of claim 12, wherein the directory 
includes identifiers and their corresponding digital signature 
certificates . 

15. The apparatus of claim 12, further comprising an 
authoritative database including user identifiers, wherein the 
directory is updated from the authoritative database. 

16. The apparatus of claim 12, further comprising a personal 
revocation authority to revoke a user^s previous signature 
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certificate, the personal revocation authority being chosen so 
as to personally recognize a user. 
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